IBM Crypto Education Community

 View Only

 Identify actual bytes signed in x.509 for DSV call

Jump to  Best Answer
Mark Vollmer's profile image
Mark Vollmer posted Tue July 22, 2025 05:13 PM

Everyone,

I'm looking to validate the signature of a certificate using a CA certificate.

The DSV call does indeed allow me to provide the CA cert as a full x.509 certificate in DER or PEM format.

I just wish the DSV call would allow me to pass the certificate I want to validate in the same form.  But it requires me to pass just the data to be signed.

So I've looked into the TBS fields and we have the OID 1.2.840.113549.1.7.2 helping me out.   What I don't know is whether the data starts right after this tag, or it includes this tag.   The RFC 5280 tells me the fields that are potentially included, but even if I'm one byte off, my DSV call will fail.

Here is an example of what I'm trying to parse...

Does the signed data start with the red x'06' byte, or does it start with the x'A0' byte at offset FF, or does it start at the x'30' byte at offset x'13' or is it a different byte?

If anyone knows the answer to this, I could use a heads up on getting this right.

Eric Rossman's profile image
Eric Rossman  Best Answer
I've confirmed my answer.
 
I extracted the TBSCertificate, signatureAlgorithm, and signature from the subject certificate and then parsed the signatureAlgorithm to determine the hash algorithm to use (it was SHA-1).
 
Then, I extracted the public key from the CA certificate.
 
Then, I built the public key token using CSNDPKB.
 
Then, I called CSNDDSV with
rule_array         = 'RSA     '||'MESSAGE '||'SHA-1   '||'PKCS-1.1';            
data               = tbsCertificate;
sig_field          = signature;
to verify the certificate.
In your example, that would be 30 82 03 5B plus the next 0x035B bytes of data.
Eric Rossman's profile image
Eric Rossman

I'm double-checking my answer but my understanding from RFC 5280 is that the signed message is the second sequence (first nested sequence) in its entirety.

Quoting:

4.1.1.3.  signatureValue
 
   The signatureValue field contains a digital signature computed upon
   the ASN.1 DER encoded tbsCertificate.  The ASN.1 DER encoded
   tbsCertificate is used as the input to the signature function.  This
   signature value is encoded as a BIT STRING and included in the
   signature field.  The details of this process are specified for each
   of the algorithms listed in [RFC3279], [RFC4055], and [RFC4491].

Given that wording, in your example, it would start at the 30 (SEQUENCE) four bytes before what you have highlighted.